azsecrets: A CLI to Set Azure Key Vault as Environment Variables

April 13, 2019 (Modified on April 22, 2019) • Python Azure CLI • 2 minutes to read • Edit

azsecrets: A Cli to Set Azure Key Vault as Environment Variables

Repository: Documentation:

Using environment variables to store your secrets is one of the more natural way to do; these variables then can be used in your code throughout the life cycle of your Docker environment. You shouldn’t hard code your secret keys inside your application; it is just not secured. Docker lets you add the environment variable before creating an image or at the entry point when starting up your image, azsecrets lets you set these environment variables that are stored in Azure Key Vault.

I have borrowed the idea from docker-machine env CLI command, that spits out several environment variables that it needs to connect Docker CLI to a virtual machine; azsecrets does that for you.

This package can also be used as a module in your current code if you don’t want to use it as a CLI.


The CLI is written in Python 3 and is available in PyPi at To install it open your CMD/Terminal/Powershell and type in

pip install azsecrets


There are two ways to use azsecrets: as a CLI or as a package

Command Line Interface

Once you have installed the tool, you will have to set four environment variables (or give it as an argument in CLI) that Azure uses to access Key Vault.


You can then open CMD/Terminal/Powershell and type in

secrets env --shell bash
# export VAR-1=secret1
# export VAR-2=secret2

or via CLI

secrets --vault-base-url *** --client-id *** --secret *** --tenant *** env --shell bash
# export VAR-1=secret1
# export VAR-2=secret2

secrets --help will give you more information on the usage.

(base) akshayrajgollahalli:~ : secrets --help
Usage: secrets [OPTIONS] COMMAND [ARGS]...

  --version              Show version and exit.
  --vault-base-url TEXT  Azure KeyVault base URL. Defaults to None.
  --client-id TEXT       Azure KeyVault client ID.
  --secret TEXT          Azure KeyVault secret.
  --tenant TEXT          Azure tenant ID.
  --help                 Show this message and exit.

  env  Environment configuration: [powershell, cmd or bash].

As a Package

You can also use azsecrets as a package by just importing the object to your existing Python code; for example, in Django, you can set your secrets by doing (this example assumes that you have already set the four environment variables):

from azsecrets import AzureSecrets

# You can also set the four environment variables or pass the arguments through the object
az_secrets = AzureSecrets()

SECRET_KEY = az_secrets.get_secret("DJANGO-SECRET-KEY")

See for more information.

Happy coding.

comments powered by Disqus